Internet Users Hbk - Chapter 6f. Various Types and Examples of Internet Scams
Chapter 6f. Various Types and Examples of Internet Scams
6.19 AlertPay Joins The Online Scam Prevention Effort
Friday, April 8, 2011 Phishing alert: Recognizing the latest scam involving AlertPay's name AlertPay Scam PreventionSome of you may have heard about a scam taking place through Facebook regarding our payment platform's name. Someone out there has been posting messages on people's Facebook walls telling them about Alert Pay’s "Own0" contest. The message directs readers to a website that looks just like our login page, but it actually IS NOT in any way affiliated with the real AlertPay.com.
How can you tell if it is not indeed our own website? Well, it's actually quite simple. Our URL is "AlertPay.com", not "AlertPay.own0.com". So if you come across a URL that reads like the latter, DO NOT enter your login credentials as this will compromise your security and the confidentiality of your personal information. Here is what it looks like on Facebook:
It's really quite a clever scam in that the con artist is actually referring to the contest as "Own0" -- the extension at the end of the fake AlertPay URL (what appears after "alertpay"). This subtle move is just enough to convince people that the URL is legitimate when, again, it is NOT. It's also important to note that the alleged "AlertPay Facebook assistant's" post is not well-written. Although we are far from the best writers in the world (there can only be one Hemingway), but we do pay much attention to spelling, format and grammar.
HOW IT WORKS
If you click on this link, it will whisk you away to a FAKE AlertPay login page and you will be prompted to enter your login credentials. It will appear that the page is reloading and will actually redirect you back to the original login page. Why the reloading? Probably to confuse you! After entering your credentials and clicking on the login button, the scammer is actually recording the information you entered into the "Email" and "Password" fields.
Once they capture those details, they can come straight to our website and gain access to your account to do what they please. You do not want this, so do not click on the link. If it does not say "AlertPay" or "AlertPay.com/ [name of one of our sub-pages], avoid clicking on it at all costs
Furthermore, our Security team is highly skilled in the art of busting people like this, but this is no excuse to be complacent. Your knowledge of these things is ultimately your responsibility so please do a little homework on the types of scams that can (and do) take place regularly in the online world.
We are not trying to scare you all, but we believe we need to be blunt and just a little frightening to communicate the gravity of these types of scams.
For more information on phishing and how to safeguard yourself against malicious individuals concerned only with personal gain, please visit our AlertPay Security page. Thanks for reading and take care! AlertPay
Tuesday, July 19, 2011 AlertPay scam prevention: even more information on phishingAs online security is one of our favorite topics, today we will look at some very specific online scams you have to watch out for: cloud computing scams, social networking scams, Skype scams and Adobe phishing scams. If you spend any amount of time online, you are not immune to these and should take some time to become familiar with them and the ways in which you can protect yourself.
Cloud computing scamsCloud computing just means that rather than make your own computer do all the work involved in running applications, you access a network of other computers in a cloud to do it; the user does not need to have as much software and hardware installed on their own computer. Using Gmail and Hotmail is an example of cloud computing – your information is not stored on your own computer, but in a service’s computer cloud.
One common cloud computing scam involves Google docs. Phishers use this tool to lure users into sharing their personal information. Google spreadsheets can be used to create forms to collect information, and often look like they are from well-known, reputable companies when they are not. A red flag to watch out for is the URL linking to the scamtastic Google doc; it usually contains the command word “formkey”, followed by an equal sign and a randomly generated identifier link.
Do yourself a favor and do not click on the link or enter personal information in any of the documents or form fields.
Social networking scamsSocial networking has not only created new avenues for communication between people, it has also given scammers the world over a near infinite variety of ways to con people. With the advent of new social networking sites, there now exists even more opportunity to weave clever webs into which unwitting victims fall and become tangled. Mere hype in enough to ensnare most people, as with already-viral Google+ scams.
Everyone is excited about Google’s own social networking site, Google+. The only way you can sample the new service is by invite only. I’m sure you can see what’s coming now. That’s right – scammers have discovered a way to create fake Google+ invitations. They come through email, even Facebook. Here’s what to do in both cases – don’t click on any links because they will take you somewhere you don’t want to go.
With email, make sure to check the identity of the person sending the email. If you don’t know the recipient, don’t open or click on any links. If it appears to be from a friend, email them and ask if they sent you an invitation to the new service.
With Facebook, if you may receive a message that appears to be an invitation to Google+. You will be asked to allow third-party access to your account. The safest thing to do is to skip this altogether and deny access to your account since if you grant access, the third party can post on your wall and send messages to your friends.
To learn how to disable problematic apps like this, watch this video from Sophos:
Other scams to look out for through Facebook include the infamous “Koobface worm” and Facebook login
pages with a URL that differs from www.facebook.com.
And just a word to the wise: the only safe Facebook landing page is www.facebook.com.
SKYPE scamsThe scams that happen through Skype are usually system update phone calls. You may be asked to click on a link to download new anti-virus software. One question to ask yourself is "Why is Skype telling me my computer has a virus?" How would Skype even know to detect this? They do not sell anti-virus software. It's almost like a clothing store clerk asking you if you want fries with that.
Skype scams may also involve emails asking you to click on a link or provide personal information, like email addresses and passwords. Always check the URL to make sure the site to which you have been directed is legitimate. For example, Skype URLs and email addresses should show skype.com not something.skype.com.
If you are ever worried about your Skype account becoming compromised, the good people at Skype recommend you reset your password immediately.
Adobe Phishing ScamsAdobe software like Acrobat, Reader and Flash has long been targeted by malware developers to deliver all manner of different scams. According to PC World, Adobe phishing scams “simply prey on the heightened awareness of Adobe security issues”. In other words, Adobe scams come disguised as security patches.
Luckily, there are some signs to look out for to tell if a security patch is legit or if it’s a phishing attempt. Firstly, you might receive an email with the security update. Adobe does not usually email users about their security patches. Rather, the updates are installed automatically when you boot up your computer.
If you’ve received an email that looks like it’s from Adobe, check the actual sender email address. If it says anything other than [xxxx]@adobe.com, odds are it’s a phishing attempt.
One of most obvious tell-tale signs of any phishing attempt is atrocious grammar and spelling mistakes, as well as confusing content referring to “Adobe Acrobat Reader” without specifying which software you will be updating.
Now that you know all about these types of scams, avoid them like the plague and tell friends and family about them to avoid the messes they are so infamous for causing. AlertPay
Tuesday, January 25, 2011 All about the scareware campaign running rampant in TwitterHi members,
Some of you may have heard about the recent viral spam campaign running rampant through Twitter. If you haven't, here's the story....
Malicious hackers, also known as "black hats", compromised some accounts and launched a viral scareware campaign in which they used Google's URL shortening service, goo.gl, to hide the true location of the link.
They tweet the link along with a text that says "Cool" or something equally nonthreatening. When someone clicks on the shortened link, they are whisked away to an unknown location (thanks to said shortened URL) and scared into downloading and paying for a "Security Shield" program; they are told that their computers have been compromised and the only way they can thwart the problem is to download and pay for the security software.
The goal of this scam is to get tweeters to click on the link, download a file and pay for a bogus security program. The problem with this is that it's too easy to click on the link. Why? Because most of the link is hidden from view. Since Twitter only allows tweeters to post a specific number of characters, URL shortening services have popped up to allow people to post their status AND a link without going over the character limit.
HOW DOES SOMETHING LIKE THIS HAPPEN?
It may have all started due to the high incidence of people using the same passwords on different sites. If one of their sites has been compromised, then the hacker has access to all sites sharing the same password. You can understand how this can all go awry.
THE DANGERS OF URL SHORTENING
Some security experts have been saying that URL shortening can lead to an increase in cyber-crimes, giving hackers the ability to post a link without worrying about hiding the true URL; they don't have to since URL shortening services unwittingly help them with this.
Despite the absence of security tips in the articles we reviewed for this blog, we've come up with a handful to help you stay safe and secure when tweeting and using social media:
1. Use different passwords on different sites. Using the same passwords on different sites will put you at risk for a security breach. We don't want to sound alarmist, but it's a fact. Use different passwords and try to make them as complex as possible.
2. Avoid clicking on shortened URLs. Because you really have no idea where the link will take you.
3. Pay attention to the content posted with the tweeted link. Does it sound like something one of your followers would tweet? If it sounds out of character and if your friend does not usually post links, don't click on it.
Now for the ultimate philosophical question... why do hackers do the things they do?
Hackers love to brag; this is just another notch in their belt. Also, greed seems to be yet another guiding force behind online scams. Hackers will go to great lengths to get information and money out of you. Educate yourself and try to stay ahead of the game. Thanks for reading and stay safe! AlertPay